Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38543 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2023-12-10 | N/A | 7.8 HIGH |
| A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. | |||||
| CVE-2023-38043 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2023-12-10 | N/A | 7.8 HIGH |
| A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. | |||||
| CVE-2023-41718 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2023-12-10 | N/A | 7.8 HIGH |
| When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. | |||||
| CVE-2023-35080 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2023-12-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. | |||||
| CVE-2023-38544 | 2 Ivanti, Linux | 2 Secure Access Client, Linux Kernel | 2023-12-10 | N/A | 5.5 MEDIUM |
| A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system. | |||||
| CVE-2023-38041 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2023-12-10 | N/A | 7.0 HIGH |
| A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system. | |||||